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MyService.jws 



* ©common: security roles -allowed«"r-l" 

* ©common: security roles-referenced="r-3° 
•/ 

public class MyService { 

/** ©common: control */ 
TheirService theirService; 



/ 



* ©common: ope rat ion 
*/ 

void someOperation {) { 

theirService. foo<) ; // authorized to r-1 



/•* 

* ©common : ope rat ion 

* ©common: security roles -all owed="r-2" 
V 

void anotherOperationO { 

theirService. bar () ; // authorized to r-1 or r-2 



void theirService_fooReply () { 
... // authorized to r-1 



void theirService_barReply { 

... H authorized to r-1 or r-2 



} 



interface Callback { 

public void myReplyO; 
{ // end Callback 
} // end JWS 



TheirService.jbcx 



* ©common: security roles-allowed="r-l" 

* ©common: security callback-roles-allowed="r-l " 
V 

interface TheirService extends ServiceControl { 



void foot); // authorized to r-1 

/** ©common: security roles-allowed="r-2" */ 
void bar{); // authorized to r-1 or r-2 



public interface Callback { 
void f ooReply O ,- 
/** 

* ©common : security 

* callback-roles-allowed="r-2" 
V 

void barReply () ; 



Figure 11 
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Using run-as="<start-user>" will cause the Subject that started the conversation to be bound to all continue|finish calls 
from the JW(X). 

1. Invoke privileges on Control operations wilt be evaluated with respect to the roles granted to the starting Principal 

2. From within called Controls: 

(a) Any call to getCallerPrincipal() will return the starting Principal 

(b) Any call to hadRoleQ will be evaluated with respect to the roles granted to the starting Principal 



0 



A 

user:B 



"A" must 
---*ave— - ► 
role "M" 



"8" must 
— have — l 
role "r2" 



"C" must have 



* ©common: security run-as="<start-user>" 

V 

class SomeJws { 

/*• ©common : control */ 
SomeService svc; 



/** ©common: control •/ 
AnotherControl other; 



* ©common: operation 

* ©common: security rol es- all owed- " rl " 

* ©common conversation phase=" start" 
*/ 

_start<) { 

getCallerPrincipal () -> "A" 

svc . f oo ( ) ; 



) 



* ©common: operation 

* ©common: security roles-allowed="r2 " 

* ©common conversation phase= "continue" 
*/ 

_continue{) { 

getCallerPrincipal 0 -> "B" 

svc . bar ( ) ; 



{ 

svc_someEvent { ) { 
getCallerPrincipal 0 



other . anyMethod ( ) ; 



interface SomeService extends ServiceControl { 



©common : security roles-allowed-"rl" 
©common : opera t ion 



void foo() { 

getCallerPrincipal {) 



©common: security roles- allowed* "rl" 
©common : operation 



void bar() { 
^ getCallerPrincipal O 



interface Callback { 



®j be conversation phase= "continue" 
©jbc: security roles- allowed="r3 " 



void someEvent ( ) ; 



0 

A 

userC 



interface AnotherControl extends Control { 
► getCallerPrincipal 0 ->"A" 



External Callback 



"{Sync Callback would already have "the Start Principal bound on the invoke that triggered the Callback) 



Figure 12 
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public interface Service interceptor { 
| /** 

j * Provides initialization data to the interceptor implementation. This method 
j * will be called before any call to "handle" methods. 
| * ©param config configuration paramaters defined through config-data annotations 
j * ©param wsdl the definition for this service 
*/ 

public void init (Map config, XMLInputStream wsdl); 

i 

! /** 4: 

* The interface called from the knex runtime to allow top-level 

* containers to interrogate and/ or manipulate the incoming XML 

* request . The request respresents the entire payload of the 
j * request. This interface is invoked before any paramter-xml 

* maps are run. 

I * ©param xmlRequest The request that is targeted to an ©operation 
I * method . 

* ©return an XMLInputStream that will be delivered to an ©operation 

* method on the current service.; 
| */ 

! public XMLInputStream hand! eRequest (XMLInputStream xmlRequest); 

! y* * , - 

j * The interface called from the knex runtime to allow top-level 
| * containers to interrogate and/or manipulate the outgoing XML 

* response. The response respresents the entire payload of the 
| * response. This interface is invoked after any return-xml 
i * maps have run. 

| * ©param xmlResponse The response that was generated by an ©operation 

* method. 

; * ©return an InputStream that will be returned to the caller of the 

* service. 

j */ ' 

I public XMLInputStream handleResponse (XMLInputStream xmlResponse); 

* The interface called from the knex runtime to allow top-level 

* containers to interrogate and/ or manipulate the outgoing XML 

* response. The response respresents the entire payload of the 

* response. 

* ©param xmlResponse The response that was generated by an ©operation 

* method. 

* ©return an InputStream that will be returned to the caller of the 

* service. 
I */ 

| public XMLInputStream handleFault (XMLInputStream xmlFault); 
[ /** 

i * Called when the service instance is being removed. After destroy is called, 
' * none of the "handle" methods will be calls. 

I */ 

I public void destroy () ; 



Figure 15 



